Red Hot Cyber, The cybersecurity news

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Spanish Italian
Search

Container isolation is at risk. Just 3 lines of code to breach NVIDIA’s AI environments.

Redazione RHC : 25 July 2025 08:23

Cloud security firm Wiz has identified a critical vulnerability in the NVIDIA Container Toolkit, identified as CVE-2025-23266 and with a CVSS score of 9.0. The vulnerability, dubbed NVIDIAScape, could pose a serious threat to cloud services that use artificial intelligence and GPU-based containerization.

The bug affects all versions of the NVIDIA Container Toolkit up to and including 1.17.7, as well as NVIDIA GPU Operator up to version 25.3.0. The vulnerability has already been fixed in the new versions 1.17.8 and 25.3.1, respectively.

The issue is related to the use of so-called OCI hooks, designed to initialize containers. One of these hooks, “createContainer,” is misconfigured, allowing an attacker to load a malicious library when the container starts.

The problem is that the hooks run with elevated privileges and in the context of the container’s file system, allowing the attacker to inject code with minimal effort. Wiz researchers pointed out that the attack can be performed with just three lines in the Dockerfile, which set the LD_PRELOAD variable and load the malicious library. As a result, the attacker can not only escape the container, but also take control of the host system.

What’s particularly alarming is that the vulnerability affects approximately 37% of cloud environments using AI. This means that a single compromised container can be used to access data and models from other clients hosted on the same physical servers. The attack could therefore lead to intellectual property theft, workflow disruptions, and denial of service.

Wiz had previously reported two similar issues in the NVIDIA toolkit, CVE-2024-0132 and CVE-2025-23359, both with the potential for full system takeover. The new vulnerability has once again demonstrated the weakness of container isolation mechanisms. According to the team, the exclusive use of containers as a security measure is unacceptable: additional barriers such as virtualization are necessary, especially in multi-tenant infrastructures.

The NVIDIAScape situation raises urgent questions about the resilience of modern infrastructures to attacks, where known and legacy hacking vectors could be more effective than hypothetical AI-based threats. Issues at the level of basic components, such as container hooks, demonstrate that attention to detail and regular updates remain key elements of defense.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli
Banner
Redhotcyber is an open-news project that was launched in 2019 and subsequently expanded into a network of individuals collaborating to disseminate information and topics focused on technology, Information Technology, and cybersecurity. Its goal is to increase risk awareness among an ever-growing number of people.

Editorial board : [email protected]

Facebook Linkedin Youtube Telegram Twitter Pinterest Tumblr